Delete that portforward for 8080 and the firewallrule it created for it. Then readd the portforward making sure the firewallrule autocreate tickbox is still enabled. If that doesn't help either review your firewall rules at WAN. The order is important and in case you have some custom block rules there and the firewallrule is created below that one it won't match. If that still doesn't help edit the firewallrule and check the log option. Then retest and check your firewallogs at status>systemlogs, firewall.

I would drop the dsl router and build a dualwan pfSense. For the public IPs in the DMZ just use a bridged interface. That would make 4 interfaces in the pfSense then: WAN, WAN2, LAN, bridged DMZ.

Search is your friend….. http://forum.pfsense.org/index.php/topic,8562.0.html

Great, thanks so much. ;D

normal nat (portforward) is just a single port or a portrange of a specific protocol inbound. 1:1 means that all ports and all protocols are forwarded inbound and outbound to that IP. Both variants still need firewallrules for traffic to pass of course.

The best solution, IMO, would be to run both WANs to your pfSense and scrap the Checkpoint. Then you could have OWA on both WANs without messing with the server config…

I'm guessing by the stony silence this question has accumulated, this isn't something that pfsense is going to help me with. In the meantime, I came up with an alternate solution.  I setup a vpn connection to my internal server using OpenVPN.  I created a new interface with the external host's IP.  I setup a route for that IP from my workstation across the vpn. So, whenever I need to take over the external site's IP, I activate the vpn connection. I supposed using a proxy server on the pfsense box would be a way to go to keep the solution on the firewall box. Jim

:)

nothing gets blocked.

The rule looks good. That will map any traffic from that host to that IP. If you only want smtp for example you could add that to the rule too. Make sure it's above the default lan to wan rule in the list. You need manual outbound nat to be turned on or it won't use your manually entered rules.

Mainly lack of interest/need I think. Posting a bounty could always help.

Agreed  :)

Looks like that got it.  Thanks for the info.

well, rebooting pfsense for another task has also fixed this.. thanks

I'll give it a try.  Hopefully I only have to put one firewall entry in. EDIT:  That did it.  Seems to be working fine now.  I only had to use one firewall entry too.  So 2 NAT and 1 firewall with tcp/udp.

Looks like your ftpserver hands out his private IP to the client. Check your ftpserver's manpage to see how to make it aware of it's public IP.

Sounds like a wrong subnetmask or a wrong gateway IP to me on Interfaces>WAN

Thanks  ;)

Reply to myself… Some more info on the subject. This is what I would like to do, but in pfSense. Doable? http://www.mail-archive.com/misc@openbsd.org/msg13901.html and the answer in this case: http://www.mail-archive.com/misc@openbsd.org/msg14011.html